Sngrep

sngrep

Vendor: Irontec • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-35434 1Irontec 1Sngrep Sep 27, 2025 May 29, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow via the function rtp_check_packet at /sngrep/src/rtp.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SIP pack...Show more Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow via the function rtp_check_packet at /sngrep/src/rtp.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SIP packet.Show less
CVE-2024-3120 1Irontec 1Sngrep Feb 3, 2025 Apr 10, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_va...Show more A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP messages.Show less
CVE-2024-3119 1Irontec 1Sngrep Feb 3, 2025 Apr 10, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy...Show more A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages. Show less
CVE-2023-36192 1Irontec 1Sngrep Nov 21, 2024 Jun 23, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c.
CVE-2023-31982 1Irontec 1Sngrep Jan 28, 2025 May 9, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_packet_reasm_ip at /src/capture.c.
CVE-2023-31981 1Irontec 1Sngrep Jan 29, 2025 May 9, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Sngrep v1.6.0 was discovered to contain a stack buffer overflow via the function packet_set_payload at /src/packet.c.